# HG changeset patch
# User Sylvain Thénault
# Date 1260296439 -3600
# Node ID b3578583b57bf1b91469d713f934d9a449dc0dd1
# Parent a5ec0475601e5c50e69e146f76a5bf5f1d6f1f52
properly escape arguments of user callbacks
diff -r a5ec0475601e -r b3578583b57b view.py
--- a/view.py Tue Dec 08 19:19:01 2009 +0100
+++ b/view.py Tue Dec 08 19:20:39 2009 +0100
@@ -11,8 +11,11 @@
 from cStringIO import StringIO
+from simplejson import dumps
+
 from logilab.common.deprecation import deprecated
 from logilab.mtconverter import xml_escape
+
 from rql import nodes
 from cubicweb import NotAnEntity
@@ -460,11 +463,12 @@
     def build_update_js_call(self, cbname, msg):
         rql = xml_escape(self.rset.printable_rql())
-        return "javascript:userCallbackThenUpdateUI('%s', '%s', '%s', '%s', '%s', '%s')" % (
-            cbname, self.id, rql, msg, self.__registry__, self.div_id())
+        return "javascript:userCallbackThenUpdateUI('%s', '%s', %s, %s, '%s', '%s')" % (
+            cbname, self.__regid__, dumps(rql), dumps(msg),
+            self.__registry__, self.div_id())
-    def build_reload_js_call(self, cbname, msg):
-        return "javascript:userCallbackThenReloadPage('%s', '%s')" % (cbname, msg)
+    def build_reload_js_call(self, cbname, msg):
+        return "javascript:userCallbackThenReloadPage('%s', %s)" % (cbname, dumps(msg))
     build_js = build_update_js_call # expect updatable component by default
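Review bot: Only rql and msg are JSON-encoded in the new build_update_js_call; cbname, self.__regid__, self.__registry__ and self.div_id() are still spliced into hand-quoted '%s' slots, so a quote or backslash in any of those values breaks out of the JS string literal exactly as msg did before this change. Encoding every argument the same way removes the special cases: `return "javascript:userCallbackThenUpdateUI(%s, %s, %s, %s, %s, %s)" % tuple(dumps(a) for a in (cbname, self.__regid__, rql, msg, self.__registry__, self.div_id()))`, and likewise `dumps(cbname)` in build_reload_js_call. dumps() emits double-quoted strings, so if a caller places this javascript: URL inside a double-quoted HTML attribute without xml_escape-ing the whole value, the quotes terminate the attribute — the call sites are outside this hunk, so that is worth confirming. The rql value is xml_escape()d and then JSON-encoded, which hands entity-escaped text to the callback; if the JS side does not expect entities, that xml_escape step is redundant now that dumps() provides the quoting.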